Things I Hearted this Week, 11th May 2018

May 11, 2018 | Javvad Malik

Growing up in London, I don’t think we ever got Mister Rogers on TV. With the new movie coming out on his life, there have been many articles and columns discussing him. An interesting fact I came across was that Mister Rogers always mentioned out loud that he was feeding his fish because a blind viewer once asked him to do so. She wanted to know the fish were OK.

At first I thought it was simply a lovely gesture. But then I started thinking about system design and notifications, particularly in security operations. Saying out loud that the fish are being fed is akin to tuning a SIEM so that a user receives alerts and gains visibility into the things that matter most to them.

So, thought of the day is, if you’re Mister Rogers, what is the fish in your organization? And how will you let your execs (viewers) know that you are feeding it?

World Password Day

Last Thursday was World Password Day. Usually, it’s a day where people throw out reminders that one should use a strong password, and some marketing departments, like Nutella’s, offer up some truly bad advice.

But Twitter took World Password Day to a whole new level, advising all of its 330 million users (or 100m users and 230m bots) to change their passwords after it was discovered that those passwords had been stored in plaintext.

Block Adblock

This post exposes the underbelly of the ad-blocking business, and how some ad-blocker companies are just as bad as the advertisers they claim to be able to block for your benefit.

Sounds like a crime caper penned by Quentin Tarantino if you ask me.

The real digital danger

“Total victory for the monopoly is not over economics or politics. It’s over assumptions, ideas and possible futures. Because when that happens, Big Tech won’t need to lobby or buy out competitors. They will have so insinuated themselves in our lives and minds, that we won’t be able to imagine a world without them.”

Thinking of the kids

Lance Spitzner is one of the leading experts on security awareness, running one of my favourite security awareness conferences and a hugely popular SANS training course.

He was recently invited to speak to junior high and high school kids about careers in cybersecurity. He’s shared his slides with full notes – which are really well put together. He’s also soliciting feedback, so help out if you can.

Gooder Writing

I’ve been an advocate for security professionals to invest time into honing their communication skills. Be that presentations, writing, or general communications...

So, I liked Lenny Zeltser’s post which has some nice tips on becoming a better technical writer.

US extradites Romanian Hackers

“A pair of Romanian men face charges in the US after netting $18 million in a vishing and smishing scheme targeting US citizens. Teodor Laurentiu Costea and Robert Codrut Dumitrescu have been extradited from Romania to the US and have been charged with wire fraud conspiracy, wire fraud, computer fraud and abuse, and aggravated identity theft.”

All these vulnerabilities, rarely matter

“The most interesting and unexplored question to me these days is NOT the sheer size of the vulnerability problem, or why so many issues remain unresolved, but instead figuring out why all those ‘serious’ website vulnerabilities are NOT exploited.”

+ A Week of Web Application Hacks and Vulnerabilities | Contrast Security

Digital Dumping Grounds

Sneaking in a bit of self-promotion here by sharing one of my own opinion articles on Infosecurity magazine on preventing the cloud from becoming a digital dumping ground.

Patch it yourself

A large number of South Korean-produced Dasan routers were suffering from a bunch of zero-day vulnerabilities.

Researchers became impatient waiting for the manufacturer to release a patch, so they made an unofficial patch themselves.

Putting CISSP into perspective

Security certifications are often a hot topic of debate. In particular, CISSP, one of the most popular of security certs gets a lot of unfair criticism in my opinion.

Paco Hope has a lot of experience with them, and shares his perspective.

+ Related: Chris Young charts his journey to getting his OSCP certification

Build security into software up front

“You can pay me now, or you can pay me later” was the tagline of a 1981 ad promoting oil filters.

Seems simple, but the implied message was much stronger: It wasn’t about paying the same amount now or later. It was about paying a little now for an oil change or vastly more for an engine rebuild later—which made the choice pretty much a no-brainer.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.